Unauthenticated Remote Code Execution on D-Link DIR-823G Devices

Unauthenticated Remote Code Execution on D-Link DIR-823G Devices

CVE-2018-17786 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.